WHAT IS CLAIMED IS 



1. A data transmission controlling method for 



controlling tr^ 



me^ 



nsmission of data from data transmitting 



ans to data leceiving means over communication channels. 



said data transmission controlling method comprising the 



steps of: 

transmitting data encrypted by said data 
transmitting meins to said data receiving means over a 
first communicatiion channel provided for data 
transmission frdm said data transmitting means to said 
data receiving means; and 

transmitting to said data receiving means 
restrictive data 1 transmission control information for 
causing the encrybted data to be received solely by 
specific data receiving means at least over a second 
communication chaiAnel which, having a smaller capacity of 
data transmission than said first communication channel, 
is also used for data transmission from said data 
receiving means to \said data transmitting means. 

2. A data transmission controlling method 
according to claim 1, wherein said second communication 
channel is a communilcation channel permitting 
bidirectional communti cation between said data 



transmitting means ahd said data receiving means 
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3. A data transmission controlling method 
according to claim 1, wherein said data transmitting 
means performs data encryption using an encryption key 
and wherein salid encrypted data from said data 
transmitting mbans are decrypted by said data receiving 
means utilizing a decryption key identical to said 
encryption key lused in the data encryption. 

4. A dana transmission controlling method 
according to claim 3, wherein said encryption key and 
said decryption Ikey are session keys for encrypting and 
decrypting information and data. 

5. A data! transmission controlling method 
according to claim 4, wherein said session keys are 
updated at predetermined intervals. 

6. A data Itransmission controlling method 
according to claim 4, wherein said data transmitting 
means and said datla receiving means have a master key 
specific to said data receiving means; 

wherein saia data transmitting means encrypts said 
session keys using Isaid master key and transmits the 
encrypted session keys to said data receiving means over 
either said first communication channel or said second 
communication channel; and 

wherein said data receiving means decrypts said 



encrypted sess 



7. A data transmission controlling method 



according to c 



means possesse 



ion keys received using said master key 



laim 6, wherein said data transmitting 
s said session keys corresponding to all 



data receiving means authorized to receive specific 



information an 



wherein 



authorized to 



d data; and 



said data transmitting means transmits in 



advance said session keys to said data receiving means 



receive specific information and data, 
ta transmission controlling method 



8 . A dc 



according to claim 1, wherein said first communication 
channel is a s.itellite link permitting unidirectional 
communication from said data transmitting means to said 



data receiving 



wherein 



means; and 



3aid second communication channel is a 



communication cfliannel permitting bidirectional 



communication between said data transmitting means and 
said data receiving means . 

9. A data transmission controlling method 
according to clalim 1, wherein said data receiving means 
is constituted as an IP router. 

10. A data transmission controlling method 
according to claolm 1, wherein said data receiving means 



is constituted as a bridge. 
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11. A dc 



ta transmission system comprising: 



data transmitting means for encrypting data and 
transmitting the encrypted data; 

data receiving means for receiving said encrypted 
data from saidldata transmitting means; 

a first communication channel used for data 



transmission f 



data receiving 



rom said data transmitting means to said 



means; and 



for data trans 



data transmitt 



a second communication channel which is also used 



Tiission from data receiving means to said 
ing means and which has a smaller capacity 



of data transmp-ssion than said first communication 
channel ; 

wherein Isaid first communication channel is used to 
transmit said encrypted data; and 



is use 



wherein at least said second communication channel 
d to transmit restrictive data transmission control 



information fori causing said encrypted data to be 
received solely! by specific data receiving means. 

12 . A data transmission system according to claim 
11, wherein said! data transmitting means performs data 
encryption using! an encryption key and wherein said 
encrypted data f^om said data transmitting means are 



decrypted by said! data receiving means utilizing a 



decryption key ildentical to said encryption key used in 
the data encryption . 



13 . A dat 



12 , wherein said 



are session keys 



a transmission system according to claim 
encryption key and said decryption key 
for encrypting and decrypting 



information and data. 

14. A data transmission system according to claim 



13, wherein said 



session keys are updated at 



predetermined intervals . 

15. A data 1 transmission system according to claim 
13, wherein said dlata transmitting means and said data 
receiving means haye a master key specific to said data 
receiving means ; 

wherein saidl data transmitting means encrypts said 
session keys using said master key and transmits the 
encrypted session keys to said data receiving means over 
ei ther said first communication channel or said second 
communication channel ; and 

wherein said data receiving means decrypts said 



encrypted session ke 



s received using said master key 



16. A data transmission system according to claim 



15, wherein said data transmitting means possesses said 
session keys corresponding to all data receiving means 
authorized to receive! specif ic information and data; and 
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wnerein said data transmitting means transmits in 
advance said session keys to said data receiving means 
authorizeid to receive specific information and data. 

17.1 A data transmission system according to claim 
11, whereivn said first communication channel is a 
satellite link permitting unidirectional communication 
from said dlata transmitting means to said data receiving 



means . 



18. A data transmission system according to claim 
11, wherein said data receiving means is constituted as 

an IP router. 

19. A kata transmission system according to claim 
11, wherein sa\id data receiving means is constituted as a 
bridge . 

20. A d^ta transmission controlling method for 
controlling transmission of data from data transmitting 



me 



ans to data relceiving means over communication channels 



and for causing feaid data transmitting means to encrypt 
data and transmit! the encrypted data to said data 
receiving means oyer said communication channels, said 
data transmission Icontrolling method comprising the steps 



of : 



encapsulatirlg the data to be transmitted in 



multiplexed fashion! in accordance with a plurality of 



protocols^ and 

encWpting at least one of data capsules resulting 

from the encapsulation. 

21. 1 A data transmission controlling method 
according tlo claim 20, wherein the data encapsulating 

step includes: 

a firist encapsulating step for encapsulating the 
data to be transmitted to said data receiving means in 
accordance with a first protocol; and 

a second encapsulating step for further 
encapsulating! the encapsulated data from said first 
encapsulating istep in accordance with a second protocol; 

whereinlsaid first encapsulating step supplements a 
real data part \ including said data to be transmitted to 
said data receiWing means with an additional information 
part associated! with said real data part, said first 
encapsulating stlep further encrypting said real data part. 

22. A dana transmission controlling method 
according to claim 21, wherein said additional 
information part lincludes destination address information 
identifying the dkta receiving means authorized to 
receive data incllided in said real data part. 

23. A data 1 transmission controlling method 
according to claim! 22, wherein said destination address 
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informationl is either individual or group destination 
address information . 
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data transmission controlling method 



according to\ claim 22, wherein said data transmitting 
means possesses session keys corresponding to said 
destination ajidress information, said session keys being 
used by said data transmitting means to encrypt 
information and data and by said receiving means to 
decrypt the endrypted information and data received; and 
wherein said data transmitting means transmits in 
advance said session keys to the data receiving means 
authorized to receive the transmitted information and 
data in accordance with said destination address 
information . 

25. A data\ transmission controlling method 
according to claim 24, wherein said session keys are 
updated at predetermined intervals, 

26. A data transmission controlling method 
according to claim 124, wherein said session keys are 
transmitted over a communication channel permitting 
either unidirectional communication from said data 
transmitting means to said data receiving means or 
bidirectional communication therebetween . 



27. A data tiansmi ssion controlling method 



1 

j 

according to claim 21, wherein said first encapsulating 



step uniquely 



determines how said destination address 



information attached to said real data part is stored 
into said additional information part, said first 



encapsulating 
using a master 



corresponding 



step further encrypting said real data part 

key specific to the data receiving means 
to said destination address information. 



28. A data transmission controlling method 
according to c.aim 22, wherein said additional 
information pai't provides a 48 -bit space in which to 
accommodate sadd destination address information. 



29 . Ad 



ta transmission controlling method 



according to clWim 21, wherein said first encapsulating 
step encapsulates the data to be transmitted to said data 
receiving means! in accordance with either the Internet 
protocol or the lEthernet protocol. 

30. A data transmission controlling method 
according to clakm 20, wherein said data receiving means 
is constituted as an IP router. 

31. A data transmission controlling method 
according to claim 20, wherein said data receiving means 
is constituted asl a bridge. 

32. A data transmission controlling method for 
controlling transmission of data from data transmitting 
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eans to data receiving means over communication channels 



and for causing said data transmitting means to encrypt 
data and transmit! the encrypted data to said data 
receiving means over said communication channels, said 
data transmission! controlling method comprising the steps 
of: 

encrypting Idata using an encryption key; 
supplementing the encrypted data with encryption 
key information abput said encryption key; 

transmitting said encrypted data together with said 



encryption key information from said data transmitting 



means to said data 



decrypting s 



receiving means; and 

aid encrypted data using one of a 



plurality of decryp 



receiving means to 



tion keys which allow said data 
decrypt said encrypted data and which 



are updated f requen :ly, said one of the decryption keys 
being selected in accordance with said encryption key 
information attached to said encrypted data. 

33. A data transmission controlling method 



according to claim 3 
decryption keys incl 



currently usable for 



received, and a deer 



2, wherein said plurality of 
ude a decryption key which is 

decrypting said encrypted data 
yption key which is to be used next 



to decrypt said encrypted data received; and 
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wherein jiaid data decrypting step selects the 
currently usabl 5 decryption key based on said encryption 



key information 



34, A data transmission controlling method 



according to claim 33, wherein said encryption key and 
said decryption Ikeys are session keys for encrypting 
information and aata. 

35. A data transmission controlling method 
according to clailm 34, wherein said session keys are 
updated at predetermined intervals. 

36. A datal transmission controlling method 
according to claim 32, wherein said data receiving means 
is constituted as Ian IP router. 

37. A data Itransmission controlling method 
according to claim! 32, wherein said data receiving means 



is constituted as a bridge 



